Twelve months ago, agent skills didn’t exist as a category. Six months ago, they were a Claude Code-specific feature that most developers hadn’t heard of. Today, the anthropics/skills repository has over 87,000 GitHub stars, AgentSkills.io has been adopted by more than 30 agent platforms, and security researchers are already auditing the supply chain. This is what happened in March 2026.

This post is for developers, team leads, and anyone building with AI agents who wants a clear picture of where the ecosystem stands right now — and where it’s headed.

The Numbers That Define March 2026

A few data points to frame the month:

• 87,000+ stars on Anthropic’s official skills repository on GitHub, with active commits through March 20
• 13,700+ community skills cataloged on ClawHub as of late February, with submissions accelerating through March
• 30+ agent platforms now support the AgentSkills.io specification — including competitors like OpenAI Codex, Google Gemini CLI, GitHub Copilot, Cursor, and JetBrains Junie
• 97 million npm downloads for MCP (Model Context Protocol), the complementary tool-integration standard
• 244,000+ downloads for the single most popular community skill (self-improving-agent by pskoett)

For context, the entire npm registry had about 2 million packages when it took off in 2015. The agent skills ecosystem hit 13,700 skills in roughly three months of mainstream awareness. The growth rate isn’t linear — it’s compounding.

Platform Adoption: From Claude-Only to Universal Standard

The biggest story of March isn’t any single skill or marketplace. It’s that agent skills became a cross-platform standard without any governing body forcing it to happen.

The AgentSkills.io specification, originally developed by Anthropic and open-sourced, defines the SKILL.md format, frontmatter schema, file system layout, and activation semantics. In early 2026, adoption crossed a tipping point. A skill written for Claude Code now works on Gemini CLI, GitHub Copilot, OpenAI Codex, and dozens of other tools without modification.

Key platform moves this month

Microsoft shipped .NET agent skills. The dotnet/skills repository launched on the .NET Blog, bringing skill support to Visual Studio 2026 and GitHub Copilot’s agentic mode. Microsoft’s implementation follows the AgentSkills.io spec, meaning .NET skills are portable to any compatible agent. The fact that Microsoft — Anthropic’s competitor through their OpenAI investment — adopted the same spec tells you something about where the standard stands.

Google published an Agent Skill for the Gemini API itself. The Google Developers Blog post described a skill that teaches Gemini models about their own current API and SDK — solving the fundamental problem of training data going stale. Google’s ADK (Agent Development Kit) now fully supports skill authoring, and developers are building design patterns specifically for ADK skills.

Anthropic updated the official Skill Creator. The Skill Creator tool gained eval scripts and measurement capabilities, making it possible to test how well a skill performs before publishing. Reddit’s r/ClaudeCode community had active discussion about the new format — a sign that skill authors are paying attention to quality tooling.

The Community Skill Explosion

ClawHub’s catalog of 13,700+ skills is the most visible indicator of community activity, but the numbers need context. Not all of those skills are good. In fact, the quality distribution follows a familiar power law: a small percentage of skills account for the vast majority of downloads and actual usage.

What’s getting downloaded

The top skills by download count reveal what developers actually want from agent skills:

1. Self-improving-agent (90,000+ downloads, 1,100+ stars) — captures learnings from errors and corrections, enabling agents to get better over time. Its popularity makes sense: every developer has experienced their agent making the same mistake twice.
2. Frontend design skills — several variations exist, but the SuperDesign skill remains the most installed. Developers want agents that produce good-looking UIs without manual CSS wrangling.
3. GitHub automation skills — the gh-issues skill and its variants automate the entire bug-fix workflow: fetch issues, spawn sub-agents, implement fixes, open PRs. This is the “10x productivity” use case that made agent skills go mainstream.
4. SEO and content writing skills — a growing category as teams realize agents can handle content operations when given proper SEO constraints and style guides.
5. Code review and quality skills — skills that enforce team coding standards, catch security patterns, and review PRs based on project-specific rules.

The pattern is clear: the most popular skills are the ones that encode domain-specific knowledge the model doesn’t have. They succeed because they follow the core principle Thariq outlined: push the model out of its default thinking patterns.

Emerging categories worth watching

Beyond the top downloads, three skill categories saw disproportionate growth in March:

Runbook skills are turning incident response from ad-hoc scrambles into repeatable agent playbooks. Teams encode their symptom → investigation → report workflows as skills, and agents follow them consistently at 3 AM when no senior engineer is awake.

Library reference skills address the training data staleness problem that Google’s own Gemini API skill tackled. When a library ships a breaking change, a reference skill keeps your agent current without waiting for the next model training run.

Business process skills encode tribal knowledge — the undocumented “how we actually do things” procedures that live in senior employees’ heads. As our taxonomy post covered, these are often the highest-ROI skills because the knowledge they contain literally doesn’t exist anywhere else.

Security: The Ecosystem’s Growing Pain

With growth comes risk, and March 2026 brought the agent skills ecosystem’s first serious security reckoning.

The numbers are sobering. Cisco security researchers analyzed over 31,000 agent skills and found that 26% contained at least one vulnerability. Chainguard identified 39 malicious skills with more than 2,200 variants that turned agents into unwitting intermediaries for supply chain attacks. A separate audit by Grith found that of 2,857 skills audited, 12% were outright malicious.

One marketplace reportedly discovered 1,184 malicious skills poisoning its catalog. The attack vectors include:

• Data exfiltration through metadata handling — skills that trigger outbound requests while showing benign chat output
• Shell command injection via scripts/ — malicious code hidden in skill script files that execute with the agent’s permissions
• Prompt injection through references/ — reference files that override the agent’s behavior when loaded into context
• Dependency confusion — skills with names similar to popular ones, hoping for typo-based installations

What this means for skill consumers

The security situation doesn’t mean you should stop using skills. It means you should be selective about where you get them. Curated marketplaces like AgentSkillExchange review submissions before listing them. ClawHub has community ratings and star counts that provide social signals. Anthropic’s official repository undergoes code review.

Installing random skills from unknown GitHub repositories is the 2026 equivalent of running curl | bash from untrusted URLs. The convenience is real, but so is the risk.

Our MCP vs. Agent Skills comparison covered the complementary security models of both standards. As a practical baseline: audit the scripts/ directory of any skill you install, verify the author’s identity, and prefer skills with download counts above 1,000.

MCP and Skills: Complementary, Not Competing

A recurring question in March was whether MCP servers would replace agent skills or vice versa. The answer is neither — they serve different purposes and the best agent setups use both.

MCP hit 97 million npm downloads by early 2026, driven by enterprise adoption. The 2026 MCP roadmap focuses on transport scalability, agent-to-agent communication, governance, and enterprise readiness. MCP servers are becoming privileged execution environments that bridge agents to file systems, APIs, and cloud infrastructure.

Agent skills, by contrast, operate at the knowledge and behavior layer. A skill doesn’t give your agent new capabilities — it gives your agent better judgment about how to use existing capabilities. The two standards compose naturally: an MCP server provides the Kubernetes API connection, while a Kubernetes skill tells the agent when to use kubectl rollout undo instead of kubectl delete pod.

This complementary relationship is why the ecosystem is growing along both axes simultaneously rather than one cannibalizing the other.

The “Skill Economy” Takes Shape

An interesting development covered by Stormy AI is the emergence of commercial skill development. In 2024 and 2025, entrepreneurs built businesses selling “mega-prompts” on marketplaces. By March 2026, that model looks outdated. Prompts are ephemeral — they die when the session ends. Skills persist, compose, and improve over time.

Some skill authors are already treating their work as products: maintaining changelogs, publishing documentation, responding to issues, and tracking download metrics. The self-improving-agent skill, for example, has a dedicated blog post on ClawHub with installation walkthroughs and real-world use cases. This is software product development applied to agent knowledge.

Whether this becomes a sustainable economic model depends on how skill marketplaces handle distribution and discovery. Right now, discovery is a known problem — even marketplace operators acknowledge that “it’s hard to use great skills if you don’t know where to look.”

What to Watch in April

Based on the trajectories from March, here’s what we expect to see in the coming weeks:

Security tooling matures. Chainguard’s launch of dedicated agent skill security scanning, combined with the audit results from Cisco and Grith, will push marketplaces toward mandatory security checks. Expect more curated, fewer open-submission marketplaces.

Enterprise skill management emerges. Teams with 50+ installed skills need version pinning, update policies, and access controls. The tooling for this doesn’t exist yet, but the demand does. Microsoft’s Agent Framework already hints at enterprise-grade skill management.

Cross-platform skill testing becomes standard. A skill that works on Claude Code but breaks on Gemini CLI is a portability bug. As the AgentSkills.io spec matures, we’ll see CI pipelines that test skills across multiple agent platforms before publishing.

Category specialization accelerates. The early ecosystem was dominated by general-purpose coding skills. March showed growth in niche categories — healthcare compliance runbooks, financial modeling templates, legal document review. The most valuable skills are the ones with the deepest domain knowledge.

Key Takeaways

• The agent skills ecosystem crossed the “serious infrastructure” threshold in March 2026, with 87K+ stars, 13,700+ community skills, and 30+ platform adoptions
• The AgentSkills.io spec is now the de facto cross-platform standard, adopted by Anthropic, Google, Microsoft, and independent tool makers
• Security is the biggest risk: 26% of audited skills contain vulnerabilities, and 12% of one sample were actively malicious
• MCP and skills are complementary (capabilities vs. knowledge), not competing
• Curated marketplaces matter more than ever — install skills from sources that review submissions

Frequently Asked Questions

How many agent skills exist as of March 2026?

ClawHub catalogs over 13,700 community skills. Anthropic’s official repository contains curated, reviewed skills with 87,000+ GitHub stars. The total across all distribution channels — GitHub repos, npm packages, marketplace listings, and private team skills — is significantly higher, though no single source tracks them all.

Are agent skills safe to install?

Not automatically. Security audits found that 12-26% of skills in various catalogs contain vulnerabilities or malicious code. Stick to curated marketplaces like AgentSkillExchange, check star counts and download numbers, and audit the scripts/ directory of any skill before installation.

Do agent skills work across different AI platforms?

Yes, if they follow the AgentSkills.io specification. Over 30 platforms — including Claude Code, Gemini CLI, OpenAI Codex, GitHub Copilot, Cursor, and JetBrains Junie — support the same SKILL.md format. A well-written skill should work on any compatible agent without modification.

What’s the difference between agent skills and MCP servers?

MCP servers provide capabilities (connecting to APIs, file systems, databases). Agent skills provide knowledge and judgment (when to use those capabilities, how to avoid common mistakes, what patterns to follow). Most production setups benefit from both. For a detailed comparison, see our MCP vs. Agent Skills breakdown.

Stay Current

The ecosystem moves fast. We publish daily coverage on the ASE blog, and our top skills roundup stays updated as new skills gain traction.

If you’re building skills: focus on domain-specific knowledge, write thorough description fields and gotchas sections, and submit to AgentSkillExchange when it’s ready. The bar for quality is rising — that’s good for everyone.